Daily NCSC-FI news followup 2020-08-29

Emotet malware’s new ‘Red Dawn’ attachment is just as dangerous

www.bleepingcomputer.com/news/security/emotet-malwares-new-red-dawn-attachment-is-just-as-dangerous/ The Emotet botnet has begun to use a new template for their malicious attachments, and it is just as dangerous as ever. After a five-month “vacation,” the Emotet malware returned in July 2020 and began to spew massive amounts of malicious spam worldwide. These spam campaigns pretend to be invoices, shipping information, COVID-19 information, resumes, financial documents, or scanned documents. When opened, these attachments will prompt a user to ‘Enable Content’ so that malicious macros will run to install the Emotet malware on a victim’s computer. Emotet is considered the most widely spread malware targeting users today. It is also particularly harmful as it will install other dangerous malware such as Trickbot and QBot onto a victim’s computer. Due to this, it is vital to recognize the malicious document templates used by Emotet so that you do not accidentally become infected.

Threat Actor Profile: TA2719 Uses Colorful Lures to Deliver RATs in Local Languages

www.proofpoint.com/us/blog/threat-insight/threat-actor-profile-ta2719-uses-colorful-lures-deliver-rats-local-languages In late March 2020, Proofpoint researchers began tracking a new actor with a penchant for using NanoCore and later AsyncRAT, popular commodity remote access trojans (RATs). Dubbed TA2719 by Proofpoint, the actor uses localized lures with colorful images that impersonate local banks, law enforcement, and shipping services. To date, Proofpoint has observed this actor send low volume campaigns to recipients in Austria, Chile, Greece, Hungary, Italy, North Macedonia, Netherlands, Spain, Sweden, Taiwan, United States, and Uruguay.

Viral pro-Trump tweets came from fake African American spam accounts, Twitter says

www.nbcnews.com/tech/security/viral-pro-trump-tweets-came-fake-african-american-spam-accounts-n1238553 Twitter has taken action to stop a spam operation that pushed messages from fake accounts about Black people abandoning the Democratic Party. Disinformation experts and national security agencies are gearing up for the election, anticipating that social media platforms will continue to be central to foreign and domestic efforts to mislead voters.

5G Mobile Network Security: U.S. Government’s Strategy

www.msspalert.com/cybersecurity-news/5g-doh-strategy/ The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

‘Instagram Help Center’ Phishing Scam Pilfers Credentials

threatpost.com/instagram-help-center-phishing-scam-pilfers-credentials/158777/ Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Researchers said that the campaign has been targeting hundreds of celebrities, startup business owners, and other entities with sizeable followings on Instagram.

How to securely erase your computer's data before selling it: 4 options

www.tivi.fi/uutiset/tv/1361f684-1d3f-4d93-ac2f-0fcce2c32a13 What should you do when you need to get rid of an old computer securely? Since IT equipment should be recycled, the next stop is either selling the machine second-hand or taking it to an e-waste (SER) collection point. In both cases, all data on the machine should be erased first.

Security risks, data collection on users… 10 topical questions about the Koronavilkku app

www.is.fi/digitoday/art-2000006617973.html The purpose of the app is to help break chains of infection and to increase people's ability to look after their health. The app is based on entirely voluntary use, but the more people use it, the more effective it is.

New Zealand bourse resumes trade after cyber attacks, government activates security systems

www.reuters.com/article/uk-nzx-cyber/new-zealand-bourse-resumes-trade-after-cyber-attacks-government-activates-security-systems-idUSKBN25O03Q New Zealand’s stock exchange resumed trading on Friday, after facing disruptions for four consecutive days in the wake of cyber attacks this week, while the government said national security systems had been activated to support the bourse. Finance Minister Grant Robertson said the Government Communications Security Bureau and the national agency fighting cyber crime had been called in to help the bourse. “I can’t go into much more in terms of specific details other than to say that we as a government are treating this very seriously,” Robertson said in a media briefing in Wellington. There is no clarity on who was behind these two “offshore” attacks, but the failure to stop them has raised questions about New Zealand’s security systems, experts said.
